On 2018-06-06 01:29:49 +0000 (+0000), Jeremy Stanley wrote: [...] > Seeing no further objections, I give you > https://review.openstack.org/572656 for the next step.
That change merged just a few minutes ago, and https://governance.openstack.org/tc/reference/base-services.html#current-list-of-base-services now includes: A Castellan-compatible key store OpenStack components may keep secrets in a key store, using Oslo’s Castellan library as an indirection layer. While OpenStack provides a Castellan-compatible key store service, Barbican, other key store backends are also available for Castellan. Note that in the context of the base services set Castellan is intended only to provide an interface for services to interact with a key store, and it should not be treated as a means to proxy API calls from users to that key store. In order to reduce unnecessary exposure risks, any user interaction with secret material should be left to a dedicated API instead (preferably as provided by Barbican). Thanks to everyone who helped brainstorming/polishing, and here's looking forward to a ubiquity of default security features and functionality in future OpenStack releases! -- Jeremy Stanley
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
